Defeat Front-Running on Ethereum

LibSubmarine is an open-source smart contract library that makes it easy to protect your contract against front-runners by temporarily hiding transactions on-chain. Take a look at our code on GitHub.

Front-running

When a user broadcasts an Ethereum transaction, it doesn't become part of the blockchain until a miner includes it in a block. This process usually takes anywhere from a few seconds to several minutes. During this time, other network participants can profit from their knowledge of the future inclusion of the transaction at the user's expense. This is called front-running.

This concern is far from theoretical. For instance, this blog post explains how Bancor, a notable DEX contract, is vulnerable to front-running. Frontrun.me is an IC3 project tracking the competiton between different front-runners and arbitrageurs in real time.

Submarine Sends

We use a technique called Submarine Sends (or Submarine Commitments), first described informally in this blog post, and later analyzed more rigorously in our paper "Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts".

Submarine Sends are related to traditional commitment schemes, but add crucial improvements. Submarine commit transactions carry value and are hidden in a large anonymity set: to anybody but the committer, the commit transaction is indistinguishable from sending ether (or tokens) to a fresh address, i.e. an address that hasn't been used on the Ethereum chain before. In a traditional commitment scheme, the commit transaction would leak not only the destination of the commit, but also the amount of money being sent, becoming front-runnable itself.

Instead of a single public (and hence front-runnable) transaction, we end up with the following flow: The commit transaction contains a cryptographic commit to whatever application specific data the user wished to submit to the smart contract and also locks up any associated ether or tokens in the Submarine Address, which is indistinguishable from a fresh address. Thanks to some cryptographic magicâ„¢, any value locked up in this address can only be unlocked by the smart contract. By attaching monetary value to the commit transaction (that is burned unless the user reveals), we can create strong incentives preventing a malicious user from selectively revealing commits. Once the commit transaction is safely included in the blockchain, the user then reveals her commit to the smart contract, and the smart contract executes its application specific logic.

Fully open-source

All code is on GitHub. We welcome contributions.

Contributors

LibSubmarine is developed by Lorenz Breidenbach, Tyler Kell, Stephane Gosselin, and Shayan Eskandari.

LibSubmarine is based on research conducted at IC3 by Lorenz Breidenbach, Phil Daian, Florian Tramèr, and Ari Juels.

The LibSubmarine logo was designed by Mark Malazarte.

Icons made by Freepik from www.flaticon.com, licensed under CC 3.0 BY.